What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-06-08 00:56:59 U.S. Recovers $2.3 Million Ransom Paid to Colonial Pipeline Hackers (lien direct) In a major blow, the U.S. Department of Justice on Monday said it has recovered 63.7 bitcoins (currently valued at $2.3 million) paid by Colonial Pipeline to the DarkSide ransomware extortionists on May 8, pursuant to a seizure warrant that was authorized by the Northern District of California. The ransomware attack also hobbled the pipeline company's fuel supply, prompting the government to Ransomware
The_Hackers_News.webp 2021-06-07 03:41:42 Hackers Breached Colonial Pipeline Using Compromised VPN Password (lien direct) The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network (VPN) account password, the latest investigation into the incident has revealed. The development, which was reported by Bloomberg on Friday, involved gaining an initial foothold into the networks as early as April 29 through Ransomware
The_Hackers_News.webp 2021-06-02 04:27:29 The Incident Response Plan - Preparing for a Rainy Day (lien direct) The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening.  Just as it wasn't raining when Noah built the ark, companies must face the fact Ransomware
The_Hackers_News.webp 2021-06-01 08:06:28 Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions (lien direct) Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The twin attacks, detailed by academics from the University of Luxembourg and the University of London, are aimed Ransomware Malware
The_Hackers_News.webp 2021-05-26 08:30:57 Data Wiper Malware Disguised As Ransomware Targets Israeli Entities (lien direct) Researchers on Tuesday disclosed a new espionage campaign that resorts to destructive data-wiping attacks targeting Israeli entities at least since December 2020 that camouflage the malicious activity as ransomware extortions. Cybersecurity firm SentinelOne attributed the attacks to a nation-state actor affiliated with Iran it tracks under the moniker "Agrius." "An analysis of what at first Ransomware Malware
The_Hackers_News.webp 2021-05-24 05:54:49 What To Do When Your Business Is Hacked (lien direct) As businesses move to a remote workforce, hackers have increased their activity to capitalize on new security holes. Cybercriminals often use unsophisticated methods that continue to be extremely successful. These include phishing emails to harvest credentials and gain easy access to business-critical environments. Hackers are also using ransomware to hold your data hostage, demanding a ransom Ransomware
The_Hackers_News.webp 2021-05-22 00:00:22 FBI Warns Conti Ransomware Hit 16 U.S. Health and Emergency Services (lien direct) The adversary behind Conti ransomware targeted no fewer than 16 healthcare and first responder networks in the U.S. within the past year, totally victimizing over 400 organizations worldwide, 290 of which are situated in the country. That's according to a new flash alert issued by the U.S. Federal Bureau of Investigation (FBI) on Thursday. "The FBI identified at least 16 Conti ransomware attacks Ransomware
The_Hackers_News.webp 2021-05-21 08:16:05 Insurance Firm CNA Financial Reportedly Paid Hackers $40 Million in Ransom (lien direct) U.S. insurance giant CNA Financial reportedly paid $40 million to a ransomware gang to recover access to its systems following an attack in March, making it one of the most expensive ransoms paid to date. The development was first reported by Bloomberg, citing "people with knowledge of the attack." The adversary that staged the intrusion is said to have allegedly demanded $60 million a week after Ransomware
The_Hackers_News.webp 2021-05-21 01:46:35 Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware (lien direct) Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them," the Microsoft Security Intelligence team said in a Ransomware Malware
The_Hackers_News.webp 2021-05-19 07:20:40 DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months (lien direct) DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups. "In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said. " Ransomware
The_Hackers_News.webp 2021-05-17 00:26:31 U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized (lien direct) Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark websites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content Ransomware
The_Hackers_News.webp 2021-05-14 00:57:10 Colonial Pipeline Paid Nearly $5 Million in Ransom to Cybercriminals (lien direct) Colonial Pipeline on Thursday restored operations to its entire pipeline system nearly a week following a ransomware infection targeting its IT systems, forcing it to reportedly shell out nearly $5 million to restore control of its computer networks. "Following this restart, it will take several days for the product delivery supply chain to return to normal," the company said in a statement on Ransomware
The_Hackers_News.webp 2021-05-12 00:16:12 Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations (lien direct) The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data if ransom demands are not met. "The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers, you can Ransomware
The_Hackers_News.webp 2021-05-11 00:45:08 U.S. Declares Emergency in 17 States Over Fuel Pipeline Cyber Attack (lien direct) The ransomware attack against Colonial Pipeline's networks has prompted the U.S. Federal Motor Carrier Safety Administration (FMCSA) to issue a regional emergency declaration in 17 states and the District of Columbia (D.C.). The declaration provides a temporary exemption to Parts 390 through 399 of the Federal Motor Carrier Safety Regulations (FMCSRs), allowing alternate transportation of Ransomware
The_Hackers_News.webp 2021-05-09 01:28:44 Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to Shut Down (lien direct) Colonial Pipeline, which carries 45% of the fuel consumed on the U.S. East Coast, on Saturday said it halted operations due to a ransomware attack, once again demonstrating how infrastructure is vulnerable to cyberattacks. "On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack," the company said in a statement posted on its website. "We have since determined Ransomware
The_Hackers_News.webp 2021-05-03 02:12:48 Researchers Uncover Iranian State-Sponsored Ransomware Operation (lien direct) Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard' (ENP)," cybersecurity firm Flashpoint said in its findings summarizing three Ransomware
The_Hackers_News.webp 2021-04-30 06:01:07 Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks (lien direct) An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that Ransomware Threat
The_Hackers_News.webp 2021-04-27 04:59:11 Hackers Threaten to Leak D.C. Police Informants' Info If Ransom Is Not Paid (lien direct) The Metropolitan Police Department (MPD) of the District of Columbia has become the latest high-profile government agency to fall victim to a ransomware attack. The Babuk Locker gang claimed in a post on the dark web that they had compromised the DC Police's networks and stolen 250 GB of unencrypted files. Screenshots shared by the group, and seen by The Hacker News, include various folders Ransomware
The_Hackers_News.webp 2021-04-26 02:50:01 Emotet Malware Destroys Itself From All Infected Computers (lien direct) Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emotet as part of "Operation Ladybird" to seize control of servers used to run and maintain the malware Ransomware Spam Malware
The_Hackers_News.webp 2021-04-23 07:43:43 New QNAP NAS Flaws Exploited In Recent Ransomware Attacks - Patch It! (lien direct) A new ransomware strain called "Qlocker" is targeting QNAP network attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives. First reports of the infections emerged on April 20, with the adversaries behind the operations demanding a bitcoin payment (0.01 bitcoins or about $500.57) to receive the decryption key. In response to the Ransomware
The_Hackers_News.webp 2021-04-21 05:47:27 Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn't paid (lien direct) Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks Ransomware Threat
The_Hackers_News.webp 2021-04-08 06:13:17 Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets (lien direct) Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in a report published on Wednesday, without publicly naming the victim. The Ransomware
The_Hackers_News.webp 2021-03-25 05:05:29 Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers (lien direct) More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities. The development, a 43% improvement from the previous week, caps off a whirlwind of espionage and malware campaigns that hit Ransomware Malware
The_Hackers_News.webp 2021-03-19 04:34:08 Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud (lien direct) The U.S. Department of Justice yesterday announced updates on two separate cases involving cyberattacks-a Swiss hacktivist and a Russian hacker who planned to plant malware in the Tesla company. A Swiss hacker who was involved in the intrusion of cloud-based surveillance firm Verkada and exposed camera footage from its customers was charged by the U.S. Department of Justice (DoJ) on Thursday Ransomware Malware ★★★
The_Hackers_News.webp 2021-03-12 00:43:28 Hackers Are Targeting Microsoft Exchange Servers With Ransomware (lien direct) It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week. Now it appears that threat actors have caught up.  According to the latest reports, cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server Ransomware Threat
The_Hackers_News.webp 2021-03-02 07:02:29 Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware (lien direct) SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research. "While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the Ransomware Threat
The_Hackers_News.webp 2021-03-01 06:18:35 Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites (lien direct) A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. "The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Sophos researchers Gabor Szappanos and Andrew Brandt said in a write-up published today. "In recent years Ransomware Malware
The_Hackers_News.webp 2021-02-24 04:32:23 Everything You Need to Know About Evolving Threat of Ransomware (lien direct) The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal-most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down. Falling victim to a ransomware attack can cause significant data loss, data breach, operational downtime, costly recovery, legal consequences, and Ransomware Threat
The_Hackers_News.webp 2021-01-28 02:26:43 Authorities Seize Dark-Web Site Linked to the Netwalker Ransomware (lien direct) U.S. and Bulgarian authorities this week took control of the dark web site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. "We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom Ransomware Threat
The_Hackers_News.webp 2021-01-28 01:41:53 European Authorities Disrupt Emotet - World's Most Dangerous Malware (lien direct) Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet, a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. The coordinated takedown of the botnet on Tuesday - dubbed "Operation Ladybird" - is the result of a joint effort between authorities in the Netherlands, Germany, the U.S. Ransomware Spam Malware
The_Hackers_News.webp 2021-01-13 02:07:16 Intel Adds Hardware-Enabled Ransomware Detection to 11th Gen vPro Chips (lien direct) Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker's newly announced 11th generation Core vPro business-class processors. The hardware-based security enhancements are baked into Intel's vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU Ransomware
The_Hackers_News.webp 2020-12-16 06:33:56 Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy (lien direct) Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. In a new analysis published by Sophos today and shared with The Hacker News, recent deployments of Ryuk and Egregor ransomware have involved the use of SystemBC backdoor to laterally move across the network and fetch additional payloads Ransomware Malware
The_Hackers_News.webp 2020-12-11 09:25:37 Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers (lien direct) A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its targeting and evade security software-as well as with ability for its affiliates to launch double extortion attacks. The MountLocker ransomware, which only began making the rounds in July 2020, has already gained notoriety for stealing Ransomware
The_Hackers_News.webp 2020-12-08 03:11:00 Download: How XDR Platforms Are Changing The Game For Ransomware Protection (lien direct) There seems to be a new ransomware story every day - a new ransomware attack, a new ransomware technique, criminals not providing encryption keys after receiving ransom payments, private data being publicly released by ransomware attackers-it never ends. Just last month, the FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) Ransomware
The_Hackers_News.webp 2020-10-28 22:59:15 FBI, DHS Warn Of Possible Major Ransomware Attacks On Healthcare Systems (lien direct) The US Federal Bureau of Investigation (FBI), Departments of Homeland Security, and Health and Human Services (HHS) issued a joint alert Wednesday warning of an "imminent" increase in ransomware and other cyberattacks against hospitals and healthcare providers. "Malicious cyber actors are targeting the [Healthcare and Public Health] Sector with TrickBot malware, often leading to ransomware Ransomware Guideline
The_Hackers_News.webp 2020-10-14 06:05:01 FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks (lien direct) A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. According to FireEye's Mandiant threat intelligence team, the collective - known as FIN11 - has engaged in a pattern of cybercrime campaigns at least since 2016 that involves monetizing their access to organizations' networks, in addition to deploying Ransomware Malware Threat
The_Hackers_News.webp 2020-10-12 00:52:49 Watch Out - Microsoft Warns Android Users About A New Ransomware (lien direct) Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android's Home button to lock the device behind a ransom note. The findings concern a variant of a known Android ransomware family dubbed "MalLocker.B" which has now resurfaced with new techniques, including a novel means to deliver the ransom demand on infected devices as well as Ransomware ★★★
The_Hackers_News.webp 2020-09-23 02:07:58 A New Hacking Group Hitting Russian Companies With Ransomware (lien direct) As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia. The ransomware gang, codenamed "OldGremlin" and believed to be a Russian-speaking threat Ransomware
The_Hackers_News.webp 2020-09-21 03:34:14 A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems (lien direct) German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf (UKD) caused a failure of IT systems, resulting in the death of a woman who had to be sent to another hospital that was 20 miles away. The incident marks the first recorded casualty as a consequence of cyberattacks on critical healthcare facilities, which has ramped up in recent months. The Ransomware
The_Hackers_News.webp 2020-08-17 05:45:27 Researchers Exploited A Bug in Emotet to Stop the Spread of Malware (lien direct) Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "Most of the vulnerabilities and exploits that you read about are good news for attackers and bad news for the rest of us," Binary Defense's Ransomware Spam Malware
The_Hackers_News.webp 2020-07-24 01:10:41 Smartwatch Maker Garmin Shuts Down Services After Ransomware Attack (lien direct) Garmin, the maker of fitness trackers, smartwatches and GPS-based wearable devices, is currently dealing with a massive worldwide service interruption after getting hit by a targeted ransomware attack, an employee of the company told The Hacker News on condition of anonymity. The company's website and the Twitter account say, "We are currently experiencing an outage that affects Garmin.com and Ransomware
The_Hackers_News.webp 2020-07-01 02:08:13 A New Ransomware Targeting Apple macOS Users Through Pirated Apps (lien direct) Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps. According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant - dubbed "EvilQuest" - is packaged along with legitimate apps, which upon installation, disguises itself as Apple's Ransomware Malware
The_Hackers_News.webp 2020-05-13 02:35:07 U.S Defence Warns of 3 New Malware Used by North Korean Hackers (lien direct) Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the malware variants are capable of remote reconnaissance and exfiltration of sensitive information from Ransomware Malware Wannacry
The_Hackers_News.webp 2020-04-14 03:00:07 Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic (lien direct) As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals-with no conscience and empathy-are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers. The new research, published by Palo Alto Networks and shared with The Hacker News, confirmed that "the Ransomware
The_Hackers_News.webp 2020-02-19 03:43:46 US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility (lien direct) The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed Ransomware Threat
The_Hackers_News.webp 2020-02-12 04:47:20 Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims (lien direct) Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a "Wi-Fi spreader" module to scan Wi-Fi networks, and then attempts to Ransomware Spam Malware
The_Hackers_News.webp 2019-12-11 08:16:14 New Zeppelin Ransomware Targeting Tech and Health Companies (lien direct) A new variant of Vega ransomware family, dubbed Zeppelin, has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada. However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan, breathe a sigh of relief, as the ransomware terminates its operations if found itself on machines Ransomware ★★★★
The_Hackers_News.webp 2019-12-10 01:28:44 Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus (lien direct) Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection. Unlike traditional malware, the new Snatch ransomware chooses to run in Safe Mode because in the diagnostic mode Windows operating system starts with a minimal set of drivers and services Ransomware
The_Hackers_News.webp 2019-11-19 05:35:56 Louisiana State Government Hit by Ransomware Attack Forcing Server Shutdowns (lien direct) Targeted ransomware attacks on banking and finance, government, healthcare, and critical infrastructure are on the rise, with the latest victim being the state government of Louisiana. The state government of Louisiana was hit by a large-scale coordinated ransomware attack yesterday, which forced the state to take several state agency servers offline, including government websites, email Ransomware
The_Hackers_News.webp 2019-11-14 06:01:49 Hackers Impersonating Financial Agencies Target German, Italian, US Firms (lien direct) Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware. Though the new malware campaigns are not customized for each organization, the threat actors appear to be more Ransomware Malware Threat
Last update at: 2024-05-15 05:08:07